Upgrade instructions versions 7.x
7.2.1 to 7.2.2
The default value of ANSI_PADDING for MS SQL database is changed to ON. See MS SQL documentation for further details.
General Instructions
- When using automatic migrations (
TOKEN_SERVER_COMMON_DB_MIGRATION_ENABLED=true
) make sureTOKEN_SERVER_COMMON_DB_MIGRATION_OUT_OF_ORDER
is set totrue
to ensureV2_02_17_01__fix_ansi_padding.sql
is applied.
Run all database scripts
- V2_02_17_01__fix_ansi_padding.sql (MS SQL only)
7.1.0 to 7.2.0
General Instructions
- Some objects that are stored in cache have been modified. To ensure consistency, it is advised to restart Redis during the upgrade process.
Run all database scripts
- V5_08_01_00__drop_unique_constraint_on_user_id_for_user_client_keys.sql (Oracle and MSSQL only)
Update package names for custom Token Server plugins
The interface com.onegini.tokenserver.oauth.model.EventType
has been moved to com.onegini.tokenserver.core.model.log.EventType
. You may need to update
any Token Server plugins that import com.onegini.tokenserver.oauth.model.EventType
.
7.0.0 to 7.1.0
SAML Service Provider configuration
The Signing credentials and Keystore password must be configured via the admin console when using SAML. Populate these fields via the SAML Service provider section in the Admin console.
Update Thymleaf templates
- consent.html
- sms-step-up.html
6.x.x to 7.0.0
A few major changes have been made to the Token Server:
- The cache mechanism has changed from EHCache to Redis. The Token Server no longer uses JGroups for cache replication in a clustered environment.
- The Token Server does not use etcd as configuration / discovery service anymore
Adapt Docker Compose variables
Remove the following variables:
- TOKEN_SERVER_ENGINE_CLUSTER_OPERATIONAL_MODE
- TOKEN_SERVER_DISCOVERY_BACKEND
- TOKEN_SERVER_PROVISIONING_ENABLED
Adapt Environment variables
Remove the following environment variables:
- HOST_IP
- HOSTNAME
- JGROUPS_REPLICATION_PORT
- JGROUPS_FAILURE_DETECTION_PORT
Install Redis
In order to run the Token Server you must have Redis configured and running. See the Redis configuration chapter for more info.
Support for Token Server extensions via etcd is dropped
Since etcd is no longer used as configuration service, the support for Token Server extensions via etcd is also dropped. You can still add extensions to the
Token Server via a Docker volume mount. The volume must be mounted to the /opt/token-server/engine/lib/
folder inside the Docker container. You can place any jar files that you wish to add to the Token Server classpath in this folder.
Migration for SQL Server
There is one column that could not automatically be dropped with the migration scripts due to an automatically generated default constraint name. You can run the SQL below to properly remove the constraint and the column.
--dynamically find the constraint name for CLIENT_CONFIGS.FIDO_ENABLED' Column and drop it.
DECLARE @var0 nvarchar(128)
SELECT @var0 = name
FROM sys.default_constraints
WHERE parent_object_id = object_id(N'dbo.CLIENT_CONFIGS')
AND col_name(parent_object_id, parent_column_id) = 'FIDO_ENABLED';
IF @var0 IS NOT NULL
EXECUTE('ALTER TABLE [dbo].[CLIENT_CONFIGS] DROP CONSTRAINT [' + @var0 + ']');
ALTER TABLE [dbo].CLIENT_CONFIGS DROP COLUMN [FIDO_ENABLED];
Admin authentication with multiple LDAP servers
The character to separate multiple LDAP server URLs in the property
TOKEN_SERVER_ADMIN_LDAP_SERVER_URLS
has changed from space to comma.